Add tokio-rustls-manual-roots feature

This allows dropping the forced dependency on webpki-roots when using
a custom connector that provides its own TLS roots instead.
main
ComplexSpaces 2 years ago committed by Sebastian Dröge
parent 7d844cb711
commit e935f4078b
  1. 3
      .github/workflows/ci.yml
  2. 7
      Cargo.toml
  3. 1
      src/lib.rs
  4. 16
      src/tokio.rs
  5. 10
      src/tokio/rustls.rs

@ -70,6 +70,9 @@ jobs:
- name: Check tokio-runtime, tokio-rustls-webpki-roots - name: Check tokio-runtime, tokio-rustls-webpki-roots
run: cargo check --features tokio-runtime,tokio-rustls-webpki-roots run: cargo check --features tokio-runtime,tokio-rustls-webpki-roots
- name: Check tokio-runtime, tokio-rustls-manual-roots
run: cargo check --features tokio-runtime,tokio-rustls-manual-roots
- name: Check tokio-runtime, tokio-openssl - name: Check tokio-runtime, tokio-openssl
run: cargo check --features tokio-runtime,tokio-openssl run: cargo check --features tokio-runtime,tokio-openssl
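Review bot: The new step checks `tokio-rustls-manual-roots` only on its own, so the cfg paths where it is combined with another rustls root feature are never compiled in CI. Cargo unifies features across the dependency graph, which makes such combinations reachable even when no single crate asks for both. I would add a second step, `- name: Check tokio-runtime, tokio-rustls-manual-roots, tokio-rustls-native-certs` with `run: cargo check --features tokio-runtime,tokio-rustls-manual-roots,tokio-rustls-native-certs`.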

@ -23,11 +23,14 @@ gio-runtime = ["gio", "glib", "handshake"]
async-tls = ["real-async-tls", "handshake"] async-tls = ["real-async-tls", "handshake"]
async-native-tls = ["async-std-runtime", "real-async-native-tls", "tungstenite/native-tls"] async-native-tls = ["async-std-runtime", "real-async-native-tls", "tungstenite/native-tls"]
tokio-native-tls = ["tokio-runtime", "real-tokio-native-tls", "real-native-tls", "tungstenite/native-tls"] tokio-native-tls = ["tokio-runtime", "real-tokio-native-tls", "real-native-tls", "tungstenite/native-tls"]
tokio-rustls-webpki-roots = ["tokio-runtime", "real-tokio-rustls", "webpki-roots", "tungstenite/__rustls-tls"] tokio-rustls-manual-roots = ["__rustls-tls"]
tokio-rustls-native-certs = ["tokio-runtime", "real-tokio-rustls", "rustls-native-certs", "tungstenite/__rustls-tls"] tokio-rustls-webpki-roots = ["__rustls-tls", "webpki-roots"]
tokio-rustls-native-certs = ["__rustls-tls", "rustls-native-certs"]
tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"] tokio-openssl = ["tokio-runtime", "real-tokio-openssl", "openssl"]
verbose-logging = [] verbose-logging = []
__rustls-tls = ["tokio-runtime", "real-tokio-rustls", "tungstenite/__rustls-tls"]
[package.metadata.docs.rs] [package.metadata.docs.rs]
features = ["async-std-runtime", "tokio-runtime", "gio-runtime", "async-tls", "async-native-tls", "tokio-native-tls"] features = ["async-std-runtime", "tokio-runtime", "gio-runtime", "async-tls", "async-native-tls", "tokio-native-tls"]
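Review bot: Nothing in the manifest tells a user that `tokio-rustls-manual-roots` ships no trust anchors and overrides `tokio-rustls-webpki-roots` when both are enabled (the webpki block in src/tokio/rustls.rs is gated on `not(feature = "tokio-rustls-manual-roots")`). Because features are unified across the dependency graph, one crate enabling it changes certificate verification for every other user of this crate in the same build. A comment above the feature line would help, for example `# No built-in trust anchors: callers must pass their own Connector. Takes precedence over tokio-rustls-webpki-roots.`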

@ -51,6 +51,7 @@ mod handshake;
feature = "async-tls", feature = "async-tls",
feature = "async-native-tls", feature = "async-native-tls",
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",

@ -17,6 +17,7 @@ mod tls;
#[cfg(all( #[cfg(all(
any( any(
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots" feature = "tokio-rustls-webpki-roots"
), ),
@ -29,6 +30,7 @@ mod tls;
feature = "tokio-openssl", feature = "tokio-openssl",
not(any( not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots" feature = "tokio-rustls-webpki-roots"
)) ))
@ -40,6 +42,7 @@ mod tls;
feature = "async-tls", feature = "async-tls",
not(any( not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl" feature = "tokio-openssl"
@ -50,6 +53,7 @@ mod tls;
#[cfg(not(any( #[cfg(not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",
@ -60,6 +64,7 @@ mod tls;
#[cfg(any( #[cfg(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",
@ -68,6 +73,7 @@ mod tls;
pub use self::tls::client_async_tls_with_connector_and_config; pub use self::tls::client_async_tls_with_connector_and_config;
#[cfg(any( #[cfg(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",
@ -77,6 +83,7 @@ use self::tls::{AutoStream, Connector};
#[cfg(not(any( #[cfg(not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",
@ -85,6 +92,7 @@ use self::tls::{AutoStream, Connector};
pub use self::tls::client_async_tls_with_connector_and_config; pub use self::tls::client_async_tls_with_connector_and_config;
#[cfg(not(any( #[cfg(not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl", feature = "tokio-openssl",
@ -196,6 +204,7 @@ pub type ClientStream<S> = AutoStream<S>;
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots")), // No roots will be available
all(feature = "async-tls", not(feature = "tokio-openssl")) all(feature = "async-tls", not(feature = "tokio-openssl"))
))] ))]
/// Creates a WebSocket handshake from a request and a stream, /// Creates a WebSocket handshake from a request and a stream,
@ -216,6 +225,7 @@ where
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots")), // No roots will be available
all(feature = "async-tls", not(feature = "tokio-openssl")) all(feature = "async-tls", not(feature = "tokio-openssl"))
))] ))]
/// Creates a WebSocket handshake from a request and a stream, /// Creates a WebSocket handshake from a request and a stream,
@ -236,6 +246,7 @@ where
#[cfg(any( #[cfg(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
all(feature = "async-tls", not(feature = "tokio-openssl")) all(feature = "async-tls", not(feature = "tokio-openssl"))
@ -260,6 +271,7 @@ where
feature = "tokio-openssl", feature = "tokio-openssl",
not(any( not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots" feature = "tokio-rustls-webpki-roots"
)) ))
@ -288,6 +300,7 @@ where
feature = "tokio-openssl", feature = "tokio-openssl",
not(any( not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots" feature = "tokio-rustls-webpki-roots"
)) ))
@ -318,6 +331,7 @@ where
feature = "tokio-openssl", feature = "tokio-openssl",
not(any( not(any(
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots" feature = "tokio-rustls-webpki-roots"
)) ))
@ -378,6 +392,7 @@ where
#[cfg(any( #[cfg(any(
feature = "async-tls", feature = "async-tls",
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl" feature = "tokio-openssl"
@ -396,6 +411,7 @@ where
#[cfg(any( #[cfg(any(
feature = "async-tls", feature = "async-tls",
feature = "tokio-native-tls", feature = "tokio-native-tls",
feature = "tokio-rustls-manual-roots",
feature = "tokio-rustls-native-certs", feature = "tokio-rustls-native-certs",
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
feature = "tokio-openssl" feature = "tokio-openssl"
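Review bot: In the hunks at -196 and -216 the bare `feature = "tokio-rustls-webpki-roots",` term stays in the list next to the added `all(feature = "__rustls-tls", not(feature = "tokio-rustls-manual-roots"))` term, so the gated items are still compiled when manual-roots and webpki-roots are enabled together. In that combination src/tokio/rustls.rs skips the webpki anchors, so these items (presumably the entry points that take no connector) would build an empty root store and fail every handshake at runtime. Dropping the bare term would turn that into a build-time error, since the added `all(...)` term already covers webpki-roots when manual-roots is off. The trailing `// No roots will be available` would also read more clearly as `// manual-roots: no default trust anchors, a connector is required`. The cfg attributes open outside these hunks, so the `any(` wrapper is inferred from the closing `))]`.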

@ -37,7 +37,14 @@ where
let connector = if let Some(connector) = connector { let connector = if let Some(connector) = connector {
connector connector
} else { } else {
#[cfg(feature = "tokio-rustls-manual-roots")]
log::error!("tokio-rustls-manual-roots was selected, but no connector was provided! No certificates can be verified in this state.");
#[cfg(feature = "tokio-rustls-manual-roots")]
let root_store = RootCertStore::empty();
#[cfg(not(feature = "tokio-rustls-manual-roots"))]
let mut root_store = RootCertStore::empty(); let mut root_store = RootCertStore::empty();
#[cfg(feature = "tokio-rustls-native-certs")] #[cfg(feature = "tokio-rustls-native-certs")]
{ {
use real_tokio_rustls::rustls::Certificate; use real_tokio_rustls::rustls::Certificate;
@ -50,7 +57,8 @@ where
} }
#[cfg(all( #[cfg(all(
feature = "tokio-rustls-webpki-roots", feature = "tokio-rustls-webpki-roots",
not(feature = "tokio-rustls-native-certs") not(feature = "tokio-rustls-native-certs"),
not(feature = "tokio-rustls-manual-roots")
))] ))]
{ {
use real_tokio_rustls::rustls::OwnedTrustAnchor; use real_tokio_rustls::rustls::OwnedTrustAnchor;
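Review bot: With `tokio-rustls-manual-roots` enabled and no connector passed, the `else` branch only logs at error level and then continues with an empty `RootCertStore`, so the caller later sees an ordinary certificate failure rather than the configuration mistake. The outcome is fail-closed, but returning early with the function's existing error type instead of relying on `log::error!` would surface the cause where it occurs; the signature is outside the hunk, so the exact error value is not quoted here. Separately, the manual-roots binding is immutable (`let root_store`) while the unchanged `#[cfg(feature = "tokio-rustls-native-certs")]` block is not excluded; if that block adds certificates to `root_store` (its body is outside the hunk), enabling both features would not compile. Gating it as `#[cfg(all(feature = "tokio-rustls-native-certs", not(feature = "tokio-rustls-manual-roots")))]` would match the webpki block below.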
